Checkin to see if lib gets fudo
parent
643f8d6df4
commit
3597d82f64
@ -30,6 +30,7 @@ in {
|
||||
"niten@RUS.SELBY.CA"
|
||||
"niten/root@RUS.SELBY.CA"
|
||||
];
|
||||
email = "niten@fudo.org";
|
||||
};
|
||||
|
||||
andrew = {
|
||||
@ -114,6 +115,7 @@ in {
|
||||
home-directory = "/home/reaper";
|
||||
k5login =
|
||||
[ "reaper@FUDO.ORG" "reaper/root@FUDO.ORG" "reaper/admin@FUDO.ORG" ];
|
||||
email = "reaper@fudo.org";
|
||||
};
|
||||
|
||||
slickoil = {
|
||||
@ -198,6 +200,7 @@ in {
|
||||
# user-email = "xiaoxuan@fudo.org";
|
||||
# home-dir = "/home/fudo/xiaoxuan";
|
||||
# };
|
||||
email = "xiaoxuan@fudo.org";
|
||||
};
|
||||
|
||||
thibor = {
|
||||
@ -488,6 +491,7 @@ in {
|
||||
ldap-hashed-passwd = "{SSHA}dF/5NGkafL8M1kpa3LYZKdh0Pc7a02gA";
|
||||
login-hashed-passwd =
|
||||
"$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
|
||||
email = "viator@informis.land";
|
||||
};
|
||||
};
|
||||
}
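Review bot: The `ldap-hashed-passwd` and `login-hashed-passwd` values in the last hunk of this section stay committed in the repository next to the new `email` fields, and nothing in this change moves them out. Values evaluated from this file are likely to end up in the world-readable Nix store, and the `{SSHA}` form is a salted SHA-1 that is cheap to attack offline once readable. Consider supplying the hashes from a file outside the store (for example `users.users.<name>.passwordFile` / `hashedPasswordFile`) and rotating the affected passwords. These lines appear to be context rather than additions, so this is a pre-existing issue the commit leaves in place.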
|
||||
|
8
flake.lock
generated
8
flake.lock
generated
@ -223,7 +223,7 @@
|
||||
"niten-doom-config": "niten-doom-config"
|
||||
},
|
||||
"locked": {
|
||||
"narHash": "sha256-45L0HqvqGw7+s87MvKMR14cxEhBJHRnanmTpJlw7E78=",
|
||||
"narHash": "sha256-SU2+Swf6wHfyRGx3tsIh3iX/NWbsBgVCDeGPRgVuXEA=",
|
||||
"path": "./nix-home",
|
||||
"type": "path"
|
||||
},
|
||||
@ -346,11 +346,11 @@
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1632918953,
|
||||
"narHash": "sha256-XY3TKBfhP7wCu/SeqrwIkTWkyYHy5W1yRR8pxyzRY9Y=",
|
||||
"lastModified": 1633267966,
|
||||
"narHash": "sha256-gFKvZ5AmV/dDTKXVxacPbXe4R0BsFpwtVaQxuIm2nnk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ee90403e147b181300dffca5b0afa405e14f1945",
|
||||
"rev": "7daf35532d2d8bf5e6f7f962e6cd13a66d01a71d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -6,6 +6,8 @@ with lib; {
|
||||
|
||||
./instance.nix
|
||||
|
||||
./fudo-lib.nix
|
||||
|
||||
./fudo/acme-for-hostname.nix
|
||||
./fudo/authentication.nix
|
||||
./fudo/backplane
|
||||
@ -14,7 +16,6 @@ with lib; {
|
||||
./fudo/distributed-builds.nix
|
||||
./fudo/dns.nix
|
||||
./fudo/domains.nix
|
||||
./fudo-lib.nix
|
||||
./fudo/garbage-collector.nix
|
||||
./fudo/git.nix
|
||||
./fudo/global.nix
|
||||
|
@ -7,7 +7,7 @@ in
|
||||
{
|
||||
lib.overlays = [
|
||||
(final: prev: {
|
||||
fudo = {
|
||||
final.fudo = {
|
||||
inherit ip dns;
|
||||
};
|
||||
})
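Review bot: If `final.fudo = {` is the new line, the overlay now returns an attribute set whose only top-level key is `final`, with `fudo` nested under it. Inside `{ … }`, `final.fudo = …` is an attribute path, not a reference to the `final` argument. The `lib.fudo.ip.*` and `lib.fudo.dns.*` calls that the local-network section switches to would then not resolve. The other form, `fudo = { inherit ip dns; };`, is the one that adds a top-level `fudo`. The sides are inferred from print order, and how `lib.overlays` is consumed is not visible here.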
|
||||
|
@ -8,8 +8,6 @@ let
|
||||
|
||||
traceout = out: builtins.trace out out;
|
||||
|
||||
fudo-lib = import ../fudo-lib.nix { inherit lib; };
|
||||
|
||||
in {
|
||||
|
||||
options.fudo.local-network = with types; {
|
||||
@ -110,20 +108,20 @@ in {
|
||||
interfaces = cfg.dhcp-interfaces;
|
||||
|
||||
extraConfig = ''
|
||||
subnet ${fudo-lib.ip.getNetworkBase cfg.network} netmask ${
|
||||
fudo-lib.ip.maskFromV32Network cfg.network
|
||||
subnet ${lib.fudo.ip.getNetworkBase cfg.network} netmask ${
|
||||
lib.fudo.ip.maskFromV32Network cfg.network
|
||||
} {
|
||||
authoritative;
|
||||
option subnet-mask ${fudo-lib.ip.maskFromV32Network cfg.network};
|
||||
option broadcast-address ${fudo-lib.ip.networkMaxIp cfg.network};
|
||||
option subnet-mask ${lib.fudo.ip.maskFromV32Network cfg.network};
|
||||
option broadcast-address ${lib.fudo.ip.networkMaxIp cfg.network};
|
||||
option routers ${cfg.gateway};
|
||||
option domain-name-servers ${concatStringsSep " " cfg.dns-servers};
|
||||
option domain-name "${cfg.domain}";
|
||||
option domain-search "${
|
||||
concatStringsSep " " ([ cfg.domain ] ++ cfg.search-domains)
|
||||
}";
|
||||
range ${fudo-lib.ip.networkMinIp cfg.dhcp-dynamic-network} ${
|
||||
fudo-lib.ip.networkMaxButOneIp cfg.dhcp-dynamic-network
|
||||
range ${lib.fudo.ip.networkMinIp cfg.dhcp-dynamic-network} ${
|
||||
lib.fudo.ip.networkMaxButOneIp cfg.dhcp-dynamic-network
|
||||
};
|
||||
}
|
||||
'';
|
||||
@ -225,7 +223,7 @@ in {
|
||||
${join-lines (mapAttrsToList hostSshFpRecords network.hosts)}
|
||||
${join-lines (mapAttrsToList cnameRecord network.aliases)}
|
||||
${join-lines network.verbatim-dns-records}
|
||||
${fudo-lib.dns.srvRecordsToBindZone network.srv-records}
|
||||
${lib.fudo.dns.srvRecordsToBindZone network.srv-records}
|
||||
'';
|
||||
}] ++ blockZones;
|
||||
};
|
||||
|
@ -3,7 +3,7 @@
|
||||
with lib;
|
||||
let
|
||||
|
||||
user = import ../types/users.nix { inherit lib; };
|
||||
user = import ../types/user.nix { inherit lib; };
|
||||
|
||||
list-includes = list: el: isNull (findFirst (this: this == el) null list);
|
||||
|
||||
@ -100,10 +100,15 @@ in {
|
||||
IdentityFile /etc/ssh/private_keys.d/%u.key
|
||||
'';
|
||||
|
||||
environment.etc = let
|
||||
privkey-users = filterAttrs (username: userOpts: userOpts.ssh-keys != null) sys.local-users;
|
||||
in mapAttrs' (username: userOpts:
|
||||
nameValuePair "ssh/private_keys.bd/${username}.key" userOpts.ssh-keys.private-key) privkey-users;
|
||||
environment.etc = mapAttrs' (username: userOpts:
|
||||
nameValuePair
|
||||
"ssh/private_keys.d/${username}"
|
||||
{
|
||||
text = concatStringsSep "\n"
|
||||
(map (keypair: readFile keypair.public-key)
|
||||
userOpts.ssh-keys);
|
||||
})
|
||||
sys.local-users;
|
||||
|
||||
users = {
|
||||
users = mapAttrs (username: userOpts: {
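Review bot: The rewritten `environment.etc` block (assuming the `mapAttrs'` over `sys.local-users` is the new side) no longer matches the `IdentityFile /etc/ssh/private_keys.d/%u.key` line above it. It writes `ssh/private_keys.d/${username}` without the `.key` suffix and fills it with `readFile keypair.public-key`, so ssh is pointed at a private-key path that is never created. It also emits an empty file for every user whose `ssh-keys` is `[]`. If the intent is to publish public keys, name the target accordingly, e.g. `"ssh/public_keys.d/${username}.pub"`, and restrict the set with `filterAttrs (_: u: u.ssh-keys != []) sys.local-users`. Private keys should not be installed through `environment.etc` at all, since its contents are copied into the world-readable Nix store. The module body continues outside this hunk.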
|
||||
|
@ -2,7 +2,8 @@
|
||||
|
||||
with lib;
|
||||
let
|
||||
user = import ./types/users.nix { inherit lib; };
|
||||
user = import ./types/user.nix { inherit lib; };
|
||||
|
||||
in {
|
||||
options.instance = with types; {
|
||||
hostname = mkOption {
|
||||
@ -31,7 +32,7 @@ in {
|
||||
};
|
||||
|
||||
local-groups = mkOption {
|
||||
type = listOf str;
|
||||
type = attrsOf (submodule user.groupOpts);
|
||||
description = "List of groups which should be created on the local host.";
|
||||
};
|
||||
|
||||
@ -41,7 +42,7 @@ in {
|
||||
};
|
||||
|
||||
local-users = mkOption {
|
||||
type = attrsOf user.userOpts;
|
||||
type = attrsOf (submodule user.userOpts);
|
||||
description = "List of users who should have access to the local host";
|
||||
};
|
||||
};
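Review bot: The `local-groups` description still reads "List of groups which should be created on the local host." although the option type becomes `attrsOf (submodule user.groupOpts)`. A host that still passes a list of strings will now fail type checking with no hint from the documentation. Suggest `description = "Groups to create on the local host, keyed by group name.";`. The `local-users` description ("List of users who should have access to the local host") has the same mismatch with its `attrsOf` type.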
|
||||
|
@ -1,6 +1,7 @@
|
||||
{ lib, ... }:
|
||||
|
||||
{
|
||||
with lib;
|
||||
rec {
|
||||
systemUserOpts = { username, ... }: {
|
||||
options = with lib.types; {
|
||||
username = mkOption {
|
||||
@ -95,20 +96,25 @@
|
||||
};
|
||||
|
||||
ssh-keys = mkOption {
|
||||
type = nullOr (listOf (submodule sshKeyOpts));
|
||||
type = listOf (submodule sshKeyOpts);
|
||||
description = "Path to the user's public and private key files.";
|
||||
default = [];
|
||||
};
|
||||
|
||||
email = mkOption {
|
||||
type = nullOr str;
|
||||
description = "User's primary email address.";
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
groupOpts = { group-name, ... }: {
|
||||
options = with lib.types; {
|
||||
group-name = mkOption {
|
||||
type = nullOr str;
|
||||
default = group-name;
|
||||
description = "Group name.";
|
||||
};
|
||||
# group-name = mkOption {
|
||||
# description = "Group name.";
|
||||
# default = group-name;
|
||||
# };
|
||||
|
||||
description = mkOption {
|
||||
type = str;
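Review bot: The `ssh-keys` description, "Path to the user's public and private key files.", does not describe the new type `listOf (submodule sshKeyOpts)` and says nothing about how the private-key path is handled. If `sshKeyOpts` (not shown in this hunk) types the private key as a Nix `path`, referencing it copies the key into the world-readable store; a `str` holding a runtime path avoids that. Suggest `description = "SSH keypairs for this user; private-key must be a runtime path string, never a store path.";`.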
|
||||
|
2
nix-home
2
nix-home
@ -1 +1 @@
|
||||
Subproject commit 94f5f2560a40b167ce368812c6b883bd7c6df5c1
|
||||
Subproject commit 711576e6e4cede979b15cf9d1c8c3d42fb565a99
|